[SURBL-Discuss] Simon's complex redirection
ekolve at comcast.net
Tue Apr 27 18:03:51 CEST 2004
On Wed, Apr 28, 2004 at 01:26:48AM +0200, Patrik Nilsson wrote:
> At 10:55 2004-04-28 +1200, Simon Byrnand wrote:
> >> It's double-encoded. We can catch that easily. But first, my question
> >> does this *work* in an MUA, ie. should we? Simon, could you try it?
> >What you get is the image preview in google which consists of an image in
> >the top frame, and the page that it came from in the bottom frame, and in
> >the bottom frame was a link "click here for ......." so yes it definately
> >does work...
> I guess this is a 'framer' rather than a redirector.
> A url that points to a frameset that loads an external page specified in
> the query url in one of the frames.
I think this is a case where we can only catch such a case by
parsing the path for things that look like a url since we won't
get any valuable information based on the GET itself.
> For all practical purposes it's similar to a redirector, but with
> The http response code from a GET request using the url will not indidate
> that it's a redirector.
> For a user loading the page in a browser, the adress of the spamvertized
> website will not be visible in the location bar.
> For some spammers, this would probably be prefered over traditional
> Discuss mailing list
> Discuss at lists.surbl.org
More information about the Discuss